[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Sep 30 09:43:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baa7cd42 by Salvatore Bonaccorso at 2018-09-30T08:43:07Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2018-17783
 CVE-2018-17782
 	RESERVED
 CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on ...)
 	TODO: check
 CVE-2018-17779
@@ -15,7 +15,7 @@ CVE-2018-17778
 CVE-2018-17777
 	RESERVED
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
-	TODO: check
+	NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775
 	RESERVED
 CVE-2018-17774
@@ -417,15 +417,15 @@ CVE-2018-17577
 CVE-2018-17576
 	RESERVED
 CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the ...)
-	TODO: check
+	NOT-FOR-US: SWA SWA.JACAD
 CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the ...)
-	TODO: check
+	NOT-FOR-US: YMFE YApi
 CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of ...)
-	TODO: check
+	NOT-FOR-US: Wp-Insert plugin for WordPress
 CVE-2018-17572
 	RESERVED
 CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a profile. ...)
-	TODO: check
+	NOT-FOR-US: Vanilla
 CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
 	NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an ...)
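Review bot: On CVE-2018-17571 the note `NOT-FOR-US: Vanilla` is a bare common word, which makes the entry hard to search for or tell apart later. The other notes added in this hunk are specific (`Wp-Insert plugin for WordPress`, `SWA SWA.JACAD`, `YMFE YApi`). Suggest spelling out the full product name here in the same way.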
@@ -435,7 +435,7 @@ CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has a
 CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 ...)
 	TODO: check
 CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL ...)
-	TODO: check
+	NOT-FOR-US: ThinkPHP
 CVE-2018-17565
 	RESERVED
 CVE-2018-17564
@@ -749,7 +749,7 @@ CVE-2018-17413
 CVE-2018-17412
 	RESERVED
 CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data Quality ...)
-	TODO: check
+	NOT-FOR-US: iWay Data Quality Suite Web Console
 CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to the ...)
 	NOT-FOR-US: Horus CMS
 CVE-2018-17409
@@ -775,19 +775,19 @@ CVE-2018-17399
 CVE-2018-17398
 	RESERVED
 CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for ...)
-	TODO: check
+	NOT-FOR-US: AlphaIndex Dictionaries component for Joomla!
 CVE-2018-17396
 	RESERVED
 CVE-2018-17395
 	RESERVED
 CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component for ...)
-	TODO: check
+	NOT-FOR-US: Timetable Schedule component for Joomla!
 CVE-2018-17393
 	RESERVED
 CVE-2018-17392
 	RESERVED
 CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via ...)
-	TODO: check
+	NOT-FOR-US: Super Cms Blog Pro
 CVE-2018-17390
 	RESERVED
 CVE-2018-17389
@@ -799,27 +799,27 @@ CVE-2018-17387
 CVE-2018-17386
 	RESERVED
 CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Social Factory component for Joomla!
 CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Swap Factory component for Joomla!
 CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component for ...)
-	TODO: check
+	NOT-FOR-US: Collection Factory component for Joomla!
 CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Jobs Factory component for Joomla!
 CVE-2018-17381
 	RESERVED
 CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 component ...)
-	TODO: check
+	NOT-FOR-US: Article Factory Manager component for Joomla!
 CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Raffle Factory component for Joomla!
 CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 component for ...)
-	TODO: check
+	NOT-FOR-US: Penny Auction Factory component for Joomla!
 CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for Joomla! via ...)
-	TODO: check
+	NOT-FOR-US: Questions component for Joomla!
 CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 component ...)
-	TODO: check
+	NOT-FOR-US: Reverse Auction Factory component for Joomla!
 CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component for ...)
-	TODO: check
+	NOT-FOR-US: Music Collection component for Joomla!
 CVE-2018-17374
 	RESERVED
 CVE-2018-17373
@@ -1582,9 +1582,9 @@ CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can tr
 	NOTE: Was considered minor for jessie since arbitrary deserialization
 	NOTE: is still possible using http and https.
 CVE-2018-17056 (Cross-site scripting (XSS) vulnerability in ServiceStack in Progress ...)
-	TODO: check
+	NOT-FOR-US: Progress Sitefinity CMS
 CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity CMS ...)
-	TODO: check
+	NOT-FOR-US: Progress Sitefinity CMS
 CVE-2018-17054
 	RESERVED
 CVE-2018-17053
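Review bot: On CVE-2018-17056 the visible description places the XSS in ServiceStack, but the note `NOT-FOR-US: Progress Sitefinity CMS` records only the product. Naming the component as well, for example `NOT-FOR-US: ServiceStack in Progress Sitefinity CMS`, keeps the entry findable if ServiceStack is ever looked up on its own. The note on CVE-2018-17055 matches its description and needs no change.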
@@ -2464,7 +2464,7 @@ CVE-2018-16661
 CVE-2018-16660
 	RESERVED
 CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page ...)
-	TODO: check
+	NOT-FOR-US: Rausoft ID.prove
 CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
 	{DSA-4292-1 DLA-1503-1}
 	- kamailio 5.1.4-1 (bug #908324)
@@ -3439,7 +3439,7 @@ CVE-2018-16279
 CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an ...)
 	NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
 CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
 	NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in ...)
@@ -4003,7 +4003,7 @@ CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html
 CVE-2018-16055 (An authenticated command injection vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2018-16054
 	RESERVED
 CVE-2018-16053
@@ -4742,7 +4742,7 @@ CVE-2018-15766
 CVE-2018-15765
 	RESERVED
 CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote ...)
-	TODO: check
+	NOT-FOR-US: EMC ESRS Policy Manager
 CVE-2018-15763
 	RESERVED
 CVE-2018-15762
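Review bot: On CVE-2018-15764 the note `NOT-FOR-US: EMC ESRS Policy Manager` drops the `Dell` prefix that the description carries (`Dell EMC ESRS Policy Manager`). Suggest keeping the name exactly as the description gives it, so a search on the vendor string matches both the CVE line and its note.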
@@ -5068,7 +5068,7 @@ CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config
 CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura ...)
 	NOT-FOR-US: Avaya
 CVE-2018-15611 (A vulnerability in the local system administration component of Avaya ...)
-	TODO: check
+	NOT-FOR-US: Avaya Aura Communication Manager
 CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office ...)
 	NOT-FOR-US: Avaya
 CVE-2018-15609
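Review bot: On CVE-2018-15611 the note `NOT-FOR-US: Avaya Aura Communication Manager` is product-specific, while the entries directly above and below it (CVE-2018-15612, CVE-2018-15610) use plain `NOT-FOR-US: Avaya`. Either form is fine, but a single convention within this block is easier to scan and grep. Suggest `NOT-FOR-US: Avaya` here, or the product-specific form on the neighbouring entries too.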
@@ -5685,7 +5685,7 @@ CVE-2018-15367
 CVE-2018-15366
 	RESERVED
 CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information ...)
 	NOT-FOR-US: Trend Micro
 CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...)
@@ -6556,9 +6556,9 @@ CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new
 CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the ...)
 	NOT-FOR-US: WeaselCMS
 CVE-2018-14957 (CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file ...)
-	TODO: check
+	NOT-FOR-US: CMS ISWEB
 CVE-2018-14956 (CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An ...)
-	TODO: check
+	NOT-FOR-US: CMS ISWEB
 CVE-2018-14949
 	RESERVED
 CVE-2018-14948 (An issue has been found in dilawar sound through 2017-11-27. The end of ...)
@@ -6860,7 +6860,7 @@ CVE-2018-14826
 CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 ...)
 	NOT-FOR-US: Honeywell
 CVE-2018-14824 (Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics Delta Industrial Automation PMSoft
 CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2018-14822
@@ -9052,7 +9052,7 @@ CVE-2018-14039
 CVE-2018-14038
 	RESERVED
 CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor ...)
-	TODO: check
+	NOT-FOR-US: Progress Kendo UI Editor
 CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
 	- ruby-doorkeeper 4.4.2-1 (bug #903980)
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baa7cd427fb51e9946efda5fe881b792566ea26f
